RedHatRHSA-2024:3338(RHSA-2024:3338) Moderate: thunderbird security update
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
10.3%
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 115.11.0.
Security Fix(es):
-
Mozilla: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367)
-
Mozilla: IndexedDB files retained in private browsing mode (CVE-2024-4767)
-
Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-4768)
-
Mozilla: Cross-origin responses could be distinguished between script and non-script content-types (CVE-2024-4769)
-
Mozilla: Use-after-free could occur when printing to PDF (CVE-2024-4770)
-
Mozilla: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 (CVE-2024-4777)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 8 | x86_64 | thunderbird-debuginfo | < 115.11.0-1.el8_2 | thunderbird-debuginfo-115.11.0-1.el8_2.x86_64.rpm |
| RedHat | 8 | x86_64 | thunderbird-debugsource | < 115.11.0-1.el8_2 | thunderbird-debugsource-115.11.0-1.el8_2.x86_64.rpm |
| RedHat | 8 | x86_64 | thunderbird | < 115.11.0-1.el8_2 | thunderbird-115.11.0-1.el8_2.x86_64.rpm |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
10.3%